Merge branch 'RMSv2' of http://42.61.118.105:7990/scm/rms/api-main-service into gladys-dev2

c9b4e426 · Gladys Forte · 2f9f7780 · de478737 · c9b4e426 · c9b4e426
Commit c9b4e426 authored Sep 13, 2019 by Gladys Forte
61 changed files
--- a/app/accesslayer/urls.py
+++ b/app/accesslayer/urls.py
@@ -8,7 +8,11 @@ urlpatterns = (
    re_path(r'^refresh-token/(?P<token>\w+)/$', views.RefreshToken.as_view(), name="Refresh Token"),
    path(r'current-user/', views.CurrentUser.as_view(), name="Current User"),

-    re_path(r'^forgot-password/(?P<username>\w+)/$', views.ForgotPassword.as_view(), name="Forgot Password"),
-    re_path(r'^validate-forgot-password-reset-token/(?P<token>\w+)/$', views.ValidateForgotPasswordResetToken.as_view(), name="Validate Forgot Password Reset Token"),
-    re_path(r'^forgot-password-reset/(?P<token>\w+)/$', views.ForgotPasswordReset.as_view(), name="Forgot Password Reset"),
+    # re_path(r'^forgot-password/(?P<username>\w+)/$', views.ForgotPassword.as_view(), name="Forgot Password"),
+    # re_path(r'^validate-forgot-password-reset-token/(?P<token>\w+)/$', views.ValidateForgotPasswordResetToken.as_view(), name="Validate Forgot Password Reset Token"),
+    # re_path(r'^forgot-password-reset/(?P<token>\w+)/$', views.ForgotPasswordReset.as_view(), name="Forgot Password Reset"),
+
+    path('forgot-password/', views.ForgotPassword.as_view()),
+    path('reset-password-link/', views.ValidateForgotPasswordResetToken.as_view()),
+    path('forgot-password-reset/', views.ForgotPasswordReset.as_view()),
 )
--- a/app/accesslayer/views.py
+++ b/app/accesslayer/views.py
 import json
+import threading
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.authtoken.views import ObtainAuthToken
@@ -16,26 +17,33 @@ from datetime import datetime
 from random import randrange
 from django.conf import settings
 from app.helper.email_service import sender
+from app.applicationlayer.utils import main_threading
+from rest_framework.exceptions import ParseError


 class Login(ObtainAuthToken):
    @decorators.error_safe
    def post(self, request, *args, **kwargs):
-        serializer = self.serializer_class(data=request.data,
+        try:
+            serializer = self.serializer_class(data=request.data,
                                           context={'request': request})
-        serializer.is_valid(raise_exception=True)
-        user = serializer.validated_data['user']
-        token, created = Token.objects.get_or_create(user=user)
+            serializer.is_valid(raise_exception=True)
+            user = serializer.validated_data['user']
+            token, created = Token.objects.get_or_create(user=user)

-        if not created:
-            token.created = datetime.now()
-            token.save()
+            if not created:
+                token.created = datetime.now()
+                token.save()

-        return Response({
-            'token': token.key,
-            # 'user_id': user.pk,
-            # 'email': user.email
-        })
+            return Response({
+                'token': token.key,
+                # 'user_id': user.pk,
+                # 'email': user.email
+            })
+        except Exception as e:
+            return Response(
+                {"message": "Unable to log in with provided credentials."}
+            )


 class Logout(APIView):
@@ -99,11 +107,16 @@ class CurrentUser(APIView):
 class ForgotPassword(APIView):
    permission_classes = (AllowAny,)

-    @decorators.error_safe
+    # @decorators.error_safe
    @transaction.atomic
-    def post(self, request, username=None, *args, **kwargs):
+    def post(self, request, *args, **kwargs):
+        email = request.data['email']
+        try:
+            user = request.user.email
+        except Exception as e:
+            user = str(settings.CATCH_EMAIL)

-        existingUser = User.objects.filter(username=username).first()
+        existingUser = User.objects.filter(email=email).first()

        if existingUser:
            # Check if there's existing request
@@ -114,8 +127,7 @@ class ForgotPassword(APIView):
                          is_active=True)\
                      .first()
            if exToken:
-                raise Exception(
-                    'There is an existing password reset for this user.')
+                raise ParseError('There is an existing password reset for this user.')

            REF = 'AUTH'
            TOKEN = ''
@@ -145,10 +157,16 @@ class ForgotPassword(APIView):
            url = f"{settings.FRONT_END_URL}/account/forgot-password-reset"\
                  f"?token={TOKEN}"

-            sender.forgot_password(
-                str(PASSCODE),
-                str(url),
-                str(existingUser.email))
+            args = [str(PASSCODE), str(url), str(existingUser.email), user]
+            # t1 = threading.Thread(target=sender.forgot_password, args=(args,))
+            # t1.start()
+
+            main_threading(args, sender.forgot_password)
+
+            args = [str(PASSCODE), str(url), user, str(existingUser.email)]
+            # t2 = threading.Thread(target=sender.forgot_password, args=(args,))
+            # t2.start()
+            main_threading(args, sender.forgot_password)

            return Response(data={"detail": "Forgot Password Sent"},
                            status=status.HTTP_200_OK)
@@ -162,7 +180,8 @@ class ValidateForgotPasswordResetToken(APIView):

    @decorators.error_safe
    @transaction.atomic
-    def post(self, request, token=None, *args, **kwargs):
+    def post(self, request, *args, **kwargs):
+        token = request.data['token']

        existingToken = AuthToken.objects.filter(token=token).first()
        if existingToken:
@@ -183,7 +202,7 @@ class ForgotPasswordReset(APIView):

    @decorators.error_safe
    @transaction.atomic
-    def post(self, request, token=None, *args, **kwargs):
+    def post(self, request, *args, **kwargs):

        body_unicode = request.body.decode('utf-8')
        body_data = json.loads(body_unicode)
@@ -192,6 +211,7 @@ class ForgotPasswordReset(APIView):
        password = body_data['password']
        password_confirm = body_data['password_confirm']
        passcode = body_data['passcode']
+        token = body_data['token']

        if not username:
            raise Exception('Username is required')
@@ -223,10 +243,18 @@ class ForgotPasswordReset(APIView):
            existingToken.is_active = False
            existingToken.save()

-            sender.password_changed(
-                str(existingToken.user.username),
-                str(datetime.now()),
-                str(existingToken.user.email))
+            # sender.password_changed(
+            #     str(existingToken.user.username),
+            #     str(datetime.now()),
+            #     str(existingToken.user.email))
+
+            # args = [str(PASSCODE), str(url), str(existingUser.email), user]
+            # t1 = threading.Thread(target=sender.forgot_password, args=(args,))
+            # t1.start()
+
+            # args = [str(PASSCODE), str(url), user, str(existingUser.email)]
+            # t2 = threading.Thread(target=sender.forgot_password, args=(args,))
+            # t2.start()

            return Response(data={"detail": "Forgot Password Reset Success"},
                            status=status.HTTP_200_OK)

--- a/app/applicationlayer/cms/form/serializers.py
+++ b/app/applicationlayer/cms/form/serializers.py
-from app.entities import models
-from rest_framework import serializers
-from django.db.models import Q
-from app.applicationlayer.cms.utils_cr import logged_user
-from drf_writable_nested import WritableNestedModelSerializer
-
-
-class ChangeRequestFormApproversSerializer(
-    serializers.ModelSerializer
-):
-    # def to_representation(self, instance):
-    #     ret = super().to_representation(instance)
-    #     try:
-    #         user = instance.user
-            
-    #         user_details = get_account_details(user)
-    #         name = user_details['name']
-    #         group = user_details['groups'][0]['name']
-    #         company = user_details['groups'][0]['company__name']
-
-    #         ret['name'] = name
-    #         ret['department'] = group
-    #         ret['company'] = company
-    #         return ret
-
-    #     except Exception as e:
-    #         ret['name'] = "none"
-    #         ret['department'] = "none"
-    #         ret['company'] = "none"
-    #         return ret
-
-    class Meta:
-        model = models.ChangeRequestFormApprovers
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-
-class ChangeRequestFormStakeHoldersSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestFormStakeHolders
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-
-class ChangeRequestFormAttachmentsSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestFormAttachments
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-
-class ChangeRequestFormDetailsSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestFormDetails
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-
-class ChangeRequestFormHeaderSerializer(
-    WritableNestedModelSerializer
-):
-    frm_approvers = ChangeRequestFormApproversSerializer(
-        many=True, required=False)
-    frm_stakes = ChangeRequestFormStakeHoldersSerializer(
-        many=True, required=False)
-    frm_attachments = ChangeRequestFormAttachmentsSerializer(
-        many=True, required=False)
-    frm_details = ChangeRequestFormDetailsSerializer(
-        many=True, required=False)
-    
-    def to_representation(self, instance):
-        ret = super().to_representation(instance)
-        try:
-            # id_number = self.context.get('request').META.get('user')
-            user = self.context['request'].user
-            print(user)
-
-            # id_number = "USER-20190909-0000005"
-            current_level = models.ChangeRequestFormApprovers.objects.filter(
-                Q(form_code=ret['form_code']) &
-                Q(archived_at=None) &
-                (Q(action='') | Q(action=None))
-            ).order_by('level')
-
-            if current_level.first()['user'] == id_number:
-                if instance.status.lower() == 'rejected':
-                    approver = 'No'
-                elif instance.status.lower() == 'cancelled':
-                    approver = 'No'
-                elif instance.status.lower() == 'closed':
-                    approver = 'No'
-                else:
-                    approver = 'Yes'
-            else:
-                approver = 'No'
-            ret['action'] = approver
-            return ret
-        except Exception as e:
-            ret['action'] = "No"
-            return ret
-
-    class Meta:
-        model = models.ChangeRequestFormHeader
-        # fields = '__all__'
-        fields = ('form_code', 'requested_to_template_name', 'requested_to_objective',
-                  'requested_to_target_date', 'requested_to_priority',
-                  'description', 'created', 'cancel_date', 'status',
-                  'company_desc', 'department_desc', 'requested_desc',
-                  'requested_to_template_id', 'requested_to_company',
-                  'requested_to_department', 'requested_to_user',
-                  'requested_by_user', 'requested_by_department',
-                  'template_no', 'frm_approvers', 'frm_stakes',
-                  'frm_attachments', 'frm_details')
-
-        read_only_fields = ['created', 'archived_at', 'form_code']
+from app.entities import models
+from rest_framework import serializers
+from django.db.models import Q
+from app.applicationlayer.cms.utils_cr import logged_user
+from drf_writable_nested import WritableNestedModelSerializer
+
+
+class ChangeRequestFormApproversSerializer(
+    serializers.ModelSerializer
+):
+    # def to_representation(self, instance):
+    #     ret = super().to_representation(instance)
+    #     try:
+    #         user = instance.user
+            
+    #         user_details = get_account_details(user)
+    #         name = user_details['name']
+    #         group = user_details['groups'][0]['name']
+    #         company = user_details['groups'][0]['company__name']
+
+    #         ret['name'] = name
+    #         ret['department'] = group
+    #         ret['company'] = company
+    #         return ret
+
+    #     except Exception as e:
+    #         ret['name'] = "none"
+    #         ret['department'] = "none"
+    #         ret['company'] = "none"
+    #         return ret
+
+    class Meta:
+        model = models.ChangeRequestFormApprovers
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+
+class ChangeRequestFormStakeHoldersSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestFormStakeHolders
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+
+class ChangeRequestFormAttachmentsSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestFormAttachments
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+
+class ChangeRequestFormDetailsSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestFormDetails
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+
+class ChangeRequestFormHeaderSerializer(
+    WritableNestedModelSerializer
+):
+    frm_approvers = ChangeRequestFormApproversSerializer(
+        many=True, required=False)
+    frm_stakes = ChangeRequestFormStakeHoldersSerializer(
+        many=True, required=False)
+    frm_attachments = ChangeRequestFormAttachmentsSerializer(
+        many=True, required=False)
+    frm_details = ChangeRequestFormDetailsSerializer(
+        many=True, required=False)
+    
+    def to_representation(self, instance):
+        ret = super().to_representation(instance)
+        try:
+            # id_number = self.context.get('request').META.get('user')
+            user = self.context['request'].user
+            print(user)
+
+            # id_number = "USER-20190909-0000005"
+            current_level = models.ChangeRequestFormApprovers.objects.filter(
+                Q(form_code=ret['form_code']) &
+                Q(archived_at=None) &
+                (Q(action='') | Q(action=None))
+            ).order_by('level')
+
+            if current_level.first()['user'] == id_number:
+                if instance.status.lower() == 'rejected':
+                    approver = 'No'
+                elif instance.status.lower() == 'cancelled':
+                    approver = 'No'
+                elif instance.status.lower() == 'closed':
+                    approver = 'No'
+                else:
+                    approver = 'Yes'
+            else:
+                approver = 'No'
+            ret['action'] = approver
+            return ret
+        except Exception as e:
+            ret['action'] = "No"
+            return ret
+
+    class Meta:
+        model = models.ChangeRequestFormHeader
+        # fields = '__all__'
+        fields = ('form_code', 'requested_to_template_name', 'requested_to_objective',
+                  'requested_to_target_date', 'requested_to_priority',
+                  'description', 'created', 'cancel_date', 'status',
+                  'company_desc', 'department_desc', 'requested_desc',
+                  'requested_to_template_id', 'requested_to_company',
+                  'requested_to_department', 'requested_to_user',
+                  'requested_by_user', 'requested_by_department',
+                  'template_no', 'frm_approvers', 'frm_stakes',
+                  'frm_attachments', 'frm_details')
+
+        read_only_fields = ['created', 'archived_at', 'form_code']
--- a/app/applicationlayer/cms/form/views.py
+++ b/app/applicationlayer/cms/form/views.py
--- a/app/applicationlayer/cms/template/serializers.py
+++ b/app/applicationlayer/cms/template/serializers.py
-from app.entities import models
-from rest_framework import serializers
-from django.db.models import Q
-from drf_writable_nested import WritableNestedModelSerializer
-
-
-class ChangeRequestTemplateApproversSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestTemplateApprovers
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-
-class ChangeRequestTemplateStakeHoldersSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestTemplateStakeHolders
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-    
-
-class ChangeRequestTemplateAttachmentsSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestTemplateAttachments
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-
-class ChangeRequestTemplateDetailsSerializer(
-    serializers.ModelSerializer
-):
-    class Meta:
-        model = models.ChangeRequestTemplateDetails
-        fields = '__all__'
-        read_only_fields = ['created', 'archived_at', 'code']
-
-# comment
-class ChangeRequestTemplatesSerializer(
-    WritableNestedModelSerializer
-):
-    tmp_approvers = ChangeRequestTemplateApproversSerializer(
-        many=True, required=False)
-    tmp_stakes = ChangeRequestTemplateStakeHoldersSerializer(
-        many=True, required=False)
-    tmp_attachments = ChangeRequestTemplateAttachmentsSerializer(
-        many=True, required=False)
-    tmp_details = ChangeRequestTemplateDetailsSerializer(
-        many=True, required=False)
-
-    class Meta:
-        model = models.ChangeRequestTemplateHeader
-        # fields = '__all__'
-        fields = ('template_no', 'requested_to_template_name',
-                  'requested_to_objective', 'requested_to_target_date',
-                  'requested_to_priority', 'description', 'created',
-                  'requested_to_template_id', 'requested_to_company',
-                  'requested_to_department', 'requested_to_user',
-                  'created_by_user', 'created_by_department', 'tmp_approvers',
-                  'tmp_stakes', 'tmp_attachments', 'tmp_details')
-
+from app.entities import models
+from rest_framework import serializers
+from django.db.models import Q
+from drf_writable_nested import WritableNestedModelSerializer
+
+
+class ChangeRequestTemplateApproversSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestTemplateApprovers
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+
+class ChangeRequestTemplateStakeHoldersSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestTemplateStakeHolders
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+    
+
+class ChangeRequestTemplateAttachmentsSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestTemplateAttachments
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+
+class ChangeRequestTemplateDetailsSerializer(
+    serializers.ModelSerializer
+):
+    class Meta:
+        model = models.ChangeRequestTemplateDetails
+        fields = '__all__'
+        read_only_fields = ['created', 'archived_at', 'code']
+
+# comment
+class ChangeRequestTemplatesSerializer(
+    WritableNestedModelSerializer
+):
+    tmp_approvers = ChangeRequestTemplateApproversSerializer(
+        many=True, required=False)
+    tmp_stakes = ChangeRequestTemplateStakeHoldersSerializer(
+        many=True, required=False)
+    tmp_attachments = ChangeRequestTemplateAttachmentsSerializer(
+        many=True, required=False)
+    tmp_details = ChangeRequestTemplateDetailsSerializer(
+        many=True, required=False)
+
+    class Meta:
+        model = models.ChangeRequestTemplateHeader
+        # fields = '__all__'
+        fields = ('template_no', 'requested_to_template_name',
+                  'requested_to_objective', 'requested_to_target_date',
+                  'requested_to_priority', 'description', 'created',
+                  'requested_to_template_id', 'requested_to_company',
+                  'requested_to_department', 'requested_to_user',
+                  'created_by_user', 'created_by_department', 'tmp_approvers',
+                  'tmp_stakes', 'tmp_attachments', 'tmp_details')
+
        read_only_fields = ['created', 'archived_at', 'template_no']
\ No newline at end of file
--- a/app/applicationlayer/cms/template/views.py
+++ b/app/applicationlayer/cms/template/views.py
--- a/app/applicationlayer/cms/utils_cr.py
+++ b/app/applicationlayer/cms/utils_cr.py
--- a/app/applicationlayer/management/account/serializer.py
+++ b/app/applicationlayer/management/account/serializer.py
 from rest_framework import serializers
-from app.entities.models import User
+from app.entities.models import User, Department
 import ast
 from django.contrib.auth.hashers import make_password, check_password
 import re
+from django.contrib.auth import authenticate


 class UserSerializer(serializers.ModelSerializer):
+
+    def to_representation(self, instance):
+
+        # department = Department.objects.filter(
+        #     id=instance.company.id
+        # ).values().first()
+
+        # company_name = Department.objects.filter(
+        #     id=instance.company.id
+        # ).values().first()
+
+        ret = super().to_representation(instance)
+        ret['department_name'] = instance.department.name
+        ret['company_name'] = instance.department.company.name
+
+        return ret
    class Meta:
        model = User
        fields = (
@@ -15,10 +32,10 @@ class UserSerializer(serializers.ModelSerializer):
            'department',
            'email', 'default_app',
            'user_type', 'is_active',
-            'doa',
-            # 'password',
+            'doa'

        )
+
        read_only_fields = (
            'created', 'createdby', 'modified', 'modifiedby', 'code',
        )
@@ -27,34 +44,45 @@ class UserSerializer(serializers.ModelSerializer):
 class ChangePasswordSerializer(serializers.Serializer):
    old_password = serializers.CharField(required=True)
    new_password = serializers.CharField(required=True, min_length=6)
+    new_password_confirm = serializers.CharField(required=True, min_length=6)

    def validate(self, data):
-        instance = self.context.get("instance")
+
+        instance = self.context.get('view').kwargs['pk']
        old_password = data['old_password']
        new_password = data['new_password']
+
        instance_password = User.objects.filter(
            id=instance
        )
+
        validated_password = check_password(
            old_password,
            instance_password.values().first()['password']
        )

        if validated_password:
+
            password = re.match(
                '([A-Za-z]+[0-9]|[0-9]+[A-Za-z])[A-Za-z0-9]*',
                data['new_password']
            )
+
            if password:
+
                new_password = make_password(data['new_password'])
                instance_password.update(password=new_password)
                instance = User.objects.get(id=instance)
                return instance
+
            elif len(new_password) <= 5:
+
                raise serializers.ValidationError(
                    'Password must be minimum of 6 characters'
                )
+
            else:
+
                raise serializers.ValidationError(
                    'password must be alpha numeric format'
                )

--- a/app/applicationlayer/management/account/views.py
+++ b/app/applicationlayer/management/account/views.py
--- a/app/applicationlayer/management/user/serializers.py
+++ b/app/applicationlayer/management/user/serializers.py
@@ -53,7 +53,6 @@ class UserManagementRetreiveSerializer(serializers.ModelSerializer):
            'email', 'default_app',
            'user_type', 'is_active',
            'doa',
-            
        )
        # exclude = ['password', 'application', 'groups', 'user_permissions']

@@ -97,6 +96,7 @@ class UserManagementRetreiveSerializer(serializers.ModelSerializer):

                if user.user_type == 'SU':
                    mod = data.modules.all().values()
+                    remove = []
                elif user.user_type == 'OUA':
                    remove.remove("Department Management")
                    remove.remove("User Management")

--- a/app/applicationlayer/utils.py
+++ b/app/applicationlayer/utils.py
+import threading
 from rest_framework.pagination import PageNumberPagination
 from rest_framework.response import Response
 from functools import wraps
@@ -108,4 +109,13 @@ class QuerySetHelper:
                    with_params.append(filtering_kwargs)
                    raw_query = {"$or": with_params}
                    context.queryset = context.queryset(__raw__=raw_query)
-        return context.queryset
\ No newline at end of file
+        return context.queryset
+
+
+def main_threading(args, func_name):
+    t1 = threading.Thread(
+        target=func_name, args=(args,),
+        daemon=False
+    )
+    t1.start()
+    return True
--- a/app/entities/migrations/0007_auto_20190911_1026.py
+++ b/app/entities/migrations/0007_auto_20190911_1026.py
+# Generated by Django 2.2 on 2019-09-11 10:26
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0006_emaillogs_is_sent'),
+    ]
+
+    operations = [
+        migrations.AlterModelTable(
+            name='emaillogs',
+            table='email_logs',
+        ),
+    ]
--- a/app/entities/migrations/0007_auto_20190911_1102.py
+++ b/app/entities/migrations/0007_auto_20190911_1102.py
-# Generated by Django 2.2 on 2019-09-11 11:02
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('entities', '0006_emaillogs_is_sent'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='changerequestformheader',
-            name='requested_to_template_id',
-            field=models.CharField(max_length=255),
-        ),
-    ]
+# Generated by Django 2.2 on 2019-09-11 11:02
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0006_emaillogs_is_sent'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='changerequestformheader',
+            name='requested_to_template_id',
+            field=models.CharField(max_length=255),
+        ),
+    ]
--- a/app/entities/migrations/0008_auto_20190911_1715.py
+++ b/app/entities/migrations/0008_auto_20190911_1715.py
-# Generated by Django 2.2 on 2019-09-11 17:15
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('entities', '0007_auto_20190911_1102'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='changerequesthistory',
-            name='form_code',
-            field=models.CharField(blank=True, max_length=255, null=True),
-        ),
-    ]
+# Generated by Django 2.2 on 2019-09-11 17:15
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0007_auto_20190911_1102'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='changerequesthistory',
+            name='form_code',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]
--- a/app/entities/migrations/0008_passwordreset.py
+++ b/app/entities/migrations/0008_passwordreset.py
+# Generated by Django 2.2 on 2019-09-11 11:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0007_auto_20190911_1026'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PasswordReset',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('email', models.EmailField(max_length=255)),
+                ('token', models.CharField(max_length=255)),
+                ('created_at', models.DateTimeField()),
+                ('timeout_at', models.DateTimeField()),
+                ('is_active', models.BooleanField(default=True)),
+                ('code', models.CharField(max_length=50)),
+            ],
+            options={
+                'db_table': 'password_resets',
+            },
+        ),
+    ]
--- a/app/entities/migrations/0009_auto_20190911_1845.py
+++ b/app/entities/migrations/0009_auto_20190911_1845.py
-# Generated by Django 2.2 on 2019-09-11 18:45
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('entities', '0008_auto_20190911_1715'),
-    ]
-
-    operations = [
-        migrations.RenameField(
-            model_name='changerequestformapprovers',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequestformattachments',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequestformdetails',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequestformheader',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequestformstakeholders',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequesttemplateapprovers',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequesttemplateattachments',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequesttemplatedetails',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequesttemplateheader',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-        migrations.RenameField(
-            model_name='changerequesttemplatestakeholders',
-            old_name='deleted_at',
-            new_name='archived_at',
-        ),
-    ]
+# Generated by Django 2.2 on 2019-09-11 18:45
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0008_auto_20190911_1715'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='changerequestformapprovers',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequestformattachments',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequestformdetails',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequestformheader',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequestformstakeholders',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequesttemplateapprovers',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequesttemplateattachments',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequesttemplatedetails',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequesttemplateheader',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+        migrations.RenameField(
+            model_name='changerequesttemplatestakeholders',
+            old_name='deleted_at',
+            new_name='archived_at',
+        ),
+    ]
--- a/app/entities/migrations/0010_auto_20190913_1143.py
+++ b/app/entities/migrations/0010_auto_20190913_1143.py
-# Generated by Django 2.2 on 2019-09-13 11:43
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('entities', '0009_auto_20190911_1845'),
-    ]
-
-    operations = [
-        migrations.RemoveField(
-            model_name='changerequestformapprovers',
-            name='archived_at',
-        ),
-        migrations.RemoveField(
-            model_name='changerequestformattachments',
-            name='archived_at',
-        ),
-        migrations.RemoveField(
-            model_name='changerequestformdetails',
-            name='archived_at',
-        ),
-        migrations.RemoveField(
-            model_name='changerequestformheader',
-            name='archived_at',
-        ),
-        migrations.RemoveField(
-            model_name='changerequestformstakeholders',
-            name='archived_at',
-        ),
-    ]
+# Generated by Django 2.2 on 2019-09-13 11:43
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0009_auto_20190911_1845'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='changerequestformapprovers',
+            name='archived_at',
+        ),
+        migrations.RemoveField(
+            model_name='changerequestformattachments',
+            name='archived_at',
+        ),
+        migrations.RemoveField(
+            model_name='changerequestformdetails',
+            name='archived_at',
+        ),
+        migrations.RemoveField(
+            model_name='changerequestformheader',
+            name='archived_at',
+        ),
+        migrations.RemoveField(
+            model_name='changerequestformstakeholders',
+            name='archived_at',
+        ),
+    ]
--- a/app/entities/migrations/0011_merge_20190913_1545.py
+++ b/app/entities/migrations/0011_merge_20190913_1545.py
+# Generated by Django 2.2 on 2019-09-13 15:45
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('entities', '0008_passwordreset'),
+        ('entities', '0010_auto_20190913_1143'),
+    ]
+
+    operations = [
+    ]
--- a/app/entities/models.py
+++ b/app/entities/models.py
@@ -938,3 +938,28 @@ class EmailLogs(AuditClass):
    recipients = models.CharField(max_length=255)
    content = models.TextField()
    is_sent = models.BooleanField(default=True)
+
+    class Meta:
+        db_table = 'email_logs'
+
+
+class PasswordReset(models.Model):
+    email = models.EmailField(max_length=255)
+    token = models.CharField(max_length=255)
+    created_at = models.DateTimeField()
+    timeout_at = models.DateTimeField()
+    is_active = models.BooleanField(default=True)
+    code = models.CharField(max_length=50)
+
+    # def save(self, *args, **kwargs):
+    #     super(PasswordReset, self).save(*args, **kwargs)
+    #     timeout_at = created_at + datetime.timedelta(days=1)
+    #     if self.timeout_at == '':
+    #         self.timeout_at = timeout_at
+    #         self.save()
+
+    def __str__(self):
+        return self.email
+
+    class Meta:
+        db_table = 'password_resets'
--- a/app/helper/decorators.py
+++ b/app/helper/decorators.py
@@ -59,6 +59,15 @@ class rms:
    #         return function(self, request, *args, **kwargs)
    #     return wrapper

+    @staticmethod
+    def admin_permission(function):
+        @wraps(function)
+        def wrapper(self, request, *args, **kwargs):
+            if rms.user_type(self) == rms.enums_user:
+                raise ParseError(access_error)
+            return function(self, request, *args, **kwargs)
+        return wrapper
+
    @staticmethod
    def user_create(function):
        @wraps(function)

--- a/app/helper/email_service/sender.py
+++ b/app/helper/email_service/sender.py
--- a/app/helper/email_service/templates/RMS-ACTIONREQUIRED-VENDOR.html
+++ b/app/helper/email_service/templates/RMS-ACTIONREQUIRED-VENDOR.html
+<!DOCTYPE html>
+<html>
+<head>
+<title>RMS: Acknowledgement Notification</title>
+</head>
+<body style="font-family: arial;">
+
+<img src="https://s18.directupload.net/images/190807/wjwrxx5i.jpg" width="100px" />
+
+<h3>Resource Management System &#40;RMS&#41;</h3>
+<h3 style="color:#888888;">Change Request Acknowledgement Notification</h3><br>
+
+<p>Dear {name},</p><br>
+<p>A change request has been submitted for your acknowledgement. Please see the details of the change request below.</p><br>
+            
+<b>CR Number</b><br>{cr_number}<br><br>
+<b>CR Name</b><br>{cr_name}<br><br>
+<b>Company Requested To</b><br>{company_requestedto}<br><br>
+<b>Department Requested To</b><br>{department_requestedto}<br><br>
+<b>Priority Level</b><br>{priority_level}<br><br>
+<b>Status</b><br>{status}<br><br>
+    
+<p>Please click <u><a href="{url}" style="text-decoration:underline;color:#007bff;" target="_blank">here</a></u> to access the change request.</p><br>
+
+    
+<p>Sincerely,</p>
+<p>RMS Team</p><br><br>
+    
+<p>Powered by</p>
+<img src="https://s18.directupload.net/images/190807/jaewp4nx.png" width="120px"/>
+    
+</body>
+</html>
\ No newline at end of file
--- a/app/helper/email_service/templates/RMS-ACTIONREQUIRED.html
+++ b/app/helper/email_service/templates/RMS-ACTIONREQUIRED.html
+<!DOCTYPE html>
+<html>
+<head>
+<title>RMS: Approval Notification</title>
+</head>
+<body style="font-family: arial;">
+
+<img src="https://s18.directupload.net/images/190807/wjwrxx5i.jpg" width="100px" />
+
+<h3>Resource Management System &#40;RMS&#41;</h3>
+<h3 style="color:#888888;">Change Request Approval Notification</h3><br>
+
+<p>Dear {name},</p><br>
+<p>A change request has been submitted for your approval. Please see the details of the change request below.</p><br>
+            
+<b>CR Number</b><br>{cr_number}<br><br>
+<b>CR Name</b><br>{cr_name}<br><br>
+<b>Company Requested To</b><br>{company_requestedto}<br><br>
+<b>Department Requested To</b><br>{department_requestedto}<br><br>
+<b>Priority Level</b><br>{priority_level}<br><br>
+<b>Status</b><br>{status}<br><br>
+    
+<p>Please click <u><a href="{url}" style="text-decoration:underline;color:#007bff;" target="_blank">here</a></u> to access the change request.</p><br>
+
+    
+<p>Sincerely,</p>
+<p>RMS Team</p><br><br>
+    
+<p>Powered by</p>
+<img src="https://s18.directupload.net/images/190807/jaewp4nx.png" width="120px"/>
+    
+</body>
+</html>
\ No newline at end of file
--- a/app/helper/email_service/templates/RMS-ADMINRESET.html
+++ b/app/helper/email_service/templates/RMS-ADMINRESET.html
+<!DOCTYPE html>
+<html>
+<head>
+<title>RMS: New User Created</title>
+</head>
+<body style="font-family: arial;">
+
+<div style="max-width:100px!important;">
+<img src="https://s18.directupload.net/images/190807/wjwrxx5i.jpg"/>
+</div>
+
+<h3>Resource Management System &#40;RMS&#41;</h3>
+<h3 style="color:#888888;">Reset Password</h3><br>
+
+<p>Dear {name},</p><br>
+<p>Your password have been reset by the admin. Please see details below.</p><br>
+    
+<b>Username</b><br>{username}<br><br>
+<b>Password</b><br>{password}<br><br>
+
+<p>You may change your password through the <u><a href="http://staging.rms.oneberrysystem.com/cms/profile/" style="text-decoration:underline;color:#007bff;" target="_blank">my profile</a></u> section of RMS any time.</p><br>
+    
+<p>Sincerely,</p>
+<p>RMS Team</p><br><br>
+    
+<p>Powered by</p>
+<img src="https://s18.directupload.net/images/190807/jaewp4nx.png" width="120px"/>
+    
+</body>
+</html>
\ No newline at end of file
--- a/app/helper/email_service/templates/RMS-CRACCEPTED.html
+++ b/app/helper/email_service/templates/RMS-CRACCEPTED.html
+<!DOCTYPE html>
+<html>
+<head>
+<title>RMS: Change Request Accepted</title>
+</head>
+<body style="font-family: arial;">
+
+<img src="https://s18.directupload.net/images/190807/wjwrxx5i.jpg" width="100px"/>
+
+<h3>Resource Management System &#40;RMS&#41;</h3>
+<h3 style="color:#888888;">Change Request Accepted</h3><br>
+
+<p>Dear {name},</p><br>
+<p>A change request you have completed has been accepted by the requestor. Please see the details of your change request below.</p><br>
+        
+<b>Accepted By</b><br>{accepted_by}<br><br>
+<b>Routing Level</b><br>{routing_level}<br><br>
+<b>Status</b><br>{status}<br><br><br>
+    
+<b>CR Number</b><br>{cr_number}<br><br>
+<b>CR Name</b><br>{cr_name}<br><br>
+<b>Company Requested To</b><br>{company_requestedto}<br><br>
+<b>Department Requested To</b><br>{department_requestedto}<br><br>
+<b>Priority Level</b><br>{priority_level}<br><br>
+    
+<p>Please click <u><a href="{url}" style="text-decoration:underline;color:#007bff;" target="_blank">here</a></u> to access your change request.</p><br>
+    
+<p>Sincerely,</p>
+<p>RMS Team</p><br><br>
+    
+<p>Powered by</p>
+<img src="https://s18.directupload.net/images/190807/jaewp4nx.png" width="120px"/>
+    
+</body>
+</html>
\ No newline at end of file
--- a/app/helper/email_service/templates/RMS-CRACKNOWLEDGE.html
+++ b/app/helper/email_service/templates/RMS-CRACKNOWLEDGE.html
+<!DOCTYPE html>
+<html>
+<head>
+<title>RMS: Change Request Acknowledged</title>
+</head>
+<body style="font-family: arial;">
+
+<img src="https://s18.directupload.net/images/190807/wjwrxx5i.jpg" width="100px"/>
+
+<h3>Resource Management System &#40;RMS&#41;</h3>
+<h3 style="color:#888888;">Change Request Acknowledged</h3><br>
+
+<p>Dear {name},</p><br>
+<p>Your change request has been acknowledged. Please see the details of your change request below.</p><br>
+        
+<b>Acknowledged By</b><br>{acknowledge_by}<br><br>
+<b>Routing Level</b><br>{routing_level}<br><br>
+<b>Status</b><br>{status}<br><br><br>
+    
+<b>CR Number</b><br>{cr_number}<br><br>
+<b>CR Name</b><br>{cr_name}<br><br>  
+<b>Company Requested To</b><br>{company_requestedto}<br><br>
+<b>Department Requested To</b><br>{department_requestedto}<br><br>
+<b>Priority Level</b><br>{priority_level}<br><br>
+    
+<p>Please click <u><a href="{url}" style="text-decoration:underline;color:#007bff;" target="_blank">here</a></u> to access the change request.</p><br>
+    
+<p>Sincerely,</p>
+<p>RMS Team</p><br><br>
+    
+<p>Powered by</p>
+<img src="https://s18.directupload.net/images/190807/jaewp4nx.png" width="120px"/>
+    
+</body>
+</html>
\ No newline at end of file
--- a/app/helper/email_service/templates/RMS-CRAPPROVED.html
+++ b/app/helper/email_service/templates/RMS-CRAPPROVED.html
+<!DOCTYPE html>
+<html>
+<head>
+<title>RMS: Change Request Approved</title>
+</head>
+<body style="font-family: arial;">
+
+<img src="https://s18.directupload.net/images/190807/wjwrxx5i.jpg" width="100px"/>
+
+<h3>Resource Management System &#40;RMS&#41;</h3>
+<h3 style="color:#888888;">Change Request Approved</h3><br>
+
+<p>Dear {name},</p><br>
+<p>Your change request has been approved. Please see the details of your change request below.</p><br>
+        
+<b>Approved By</b><br>{approved_by}<br><br>
+<b>Routing Level</b><br>{routing_level}<br><br>
+<b>Status</b><br>{status}<br><br><br>
+    
+<b>CR Number</b><br>{cr_number}<br><br>
+<b>CR Name</b><br>{cr_name}<br><br>
+<b>Company Requested To</b><br>{company_requestedto}<br><br>
+<b>Department Requested To</b><br>{department_requestedto}<br><br>
+<b>Priority Level</b><br>{priority_level}<br><br>
+    
+<p>Please click <u><a href="{url}" style="text-decoration:underline;color:#007bff;" target="_blank">here</a></u> to access your change request.</p><br>
+    
+<p>Sincerely,</p>
+<p>RMS Team</p><br><br>
+    
+<p>Powered by</p>
+<img src="https://s18.directupload.net/images/190807/jaewp4nx.png" width="120px"/>
+    
+</body>
+</html>
\ No newline at end of file
--- a/app/helper/email_service/templates/RMS-CRCANCELLED.html
+++ b/app/helper/email_service/templates/RMS-CRCANCELLED.html
--- a/app/helper/email_service/templates/RMS-CRCOMPLETED.html
+++ b/app/helper/email_service/templates/RMS-CRCOMPLETED.html
--- a/app/helper/email_service/templates/RMS-CROVERDUE.html
+++ b/app/helper/email_service/templates/RMS-CROVERDUE.html
--- a/app/helper/email_service/templates/RMS-CRREJECTED-VENDOR.html
+++ b/app/helper/email_service/templates/RMS-CRREJECTED-VENDOR.html
--- a/app/helper/email_service/templates/RMS-CRREJECTED.html
+++ b/app/helper/email_service/templates/RMS-CRREJECTED.html
--- a/app/helper/email_service/templates/RMS-NEWUSER.html
+++ b/app/helper/email_service/templates/RMS-NEWUSER.html
--- a/app/helper/email_service/templates/RMS-PASSWORD.html
+++ b/app/helper/email_service/templates/RMS-PASSWORD.html
--- a/app/helper/email_service/templates/RMS-REMINDER-APPROVER.html
+++ b/app/helper/email_service/templates/RMS-REMINDER-APPROVER.html
--- a/app/helper/email_service/templates/RMS-REMINDER-REQUESTOR.html
+++ b/app/helper/email_service/templates/RMS-REMINDER-REQUESTOR.html
--- a/app/helper/email_service/templates/account-created.html
+++ b/app/helper/email_service/templates/account-created.html
--- a/app/helper/email_service/templates/authorised-po-email-to-supplier.html
+++ b/app/helper/email_service/templates/authorised-po-email-to-supplier.html
--- a/app/helper/email_service/templates/collection-email-to-requestor.html
+++ b/app/helper/email_service/templates/collection-email-to-requestor.html
--- a/app/helper/email_service/templates/draft-po-email-to-supplier.html
+++ b/app/helper/email_service/templates/draft-po-email-to-supplier.html
--- a/app/helper/email_service/templates/forgot-password.html
+++ b/app/helper/email_service/templates/forgot-password.html
--- a/app/helper/email_service/templates/items-delivered-email-to-purchasing.html
+++ b/app/helper/email_service/templates/items-delivered-email-to-purchasing.html
--- a/app/helper/email_service/templates/items-delivered-email-to-requestor.html
+++ b/app/helper/email_service/templates/items-delivered-email-to-requestor.html
--- a/app/helper/email_service/templates/new-line-item-added-email-to-requestor.html
+++ b/app/helper/email_service/templates/new-line-item-added-email-to-requestor.html
--- a/app/helper/email_service/templates/new-project-number.html
+++ b/app/helper/email_service/templates/new-project-number.html
--- a/app/helper/email_service/templates/new-user-account.html
+++ b/app/helper/email_service/templates/new-user-account.html
--- a/app/helper/email_service/templates/password-changed.html
+++ b/app/helper/email_service/templates/password-changed.html
--- a/app/helper/email_service/templates/po-and-grninvoice-mismatch-email-to-purchasing.html
+++ b/app/helper/email_service/templates/po-and-grninvoice-mismatch-email-to-purchasing.html
--- a/app/helper/email_service/templates/po-authorisation-email-to-authoriser.html
+++ b/app/helper/email_service/templates/po-authorisation-email-to-authoriser.html
--- a/app/helper/email_service/templates/po-rejected-email-to-requestor.html
+++ b/app/helper/email_service/templates/po-rejected-email-to-requestor.html
--- a/app/helper/email_service/templates/reset-password.html
+++ b/app/helper/email_service/templates/reset-password.html
--- a/app/helper/email_service/templates/stock-requisition-approved-advance.html
+++ b/app/helper/email_service/templates/stock-requisition-approved-advance.html
--- a/app/helper/email_service/templates/stock-requisition-approved.html
+++ b/app/helper/email_service/templates/stock-requisition-approved.html
--- a/app/helper/email_service/templates/stock-requisition-for-new-line-items.html
+++ b/app/helper/email_service/templates/stock-requisition-for-new-line-items.html
--- a/app/helper/email_service/templates/stock-requisition-rejected.html
+++ b/app/helper/email_service/templates/stock-requisition-rejected.html
--- a/app/helper/email_service/templates/stock-requisition.html
+++ b/app/helper/email_service/templates/stock-requisition.html
--- a/config/settings/dev.py
+++ b/config/settings/dev.py
--- a/config/settings/local.py
+++ b/config/settings/local.py
--- a/config/settings/production.py
+++ b/config/settings/production.py
--- a/env.template.ini
+++ b/env.template.ini
--- a/requirements/RMSv2.postman_collection.json
+++ b/requirements/RMSv2.postman_collection.json